OAuth 2.1 is here: What you need to know

published on 2024/09/11

One of the most significant changes in OAuth 2.1 is that Proof Key for Code Exchange (PKCE) is now required for all OAuth clients using the Authorization Code flow. PKCE is a security extension that prevents authorization code interception attacks. It's especially useful for mobile and Single Page Applications (SPAs) where the client secret can't be securely stored.
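To make the PKCE mechanism concrete, here is an added worked example (it is not code from the original post or from Logto). It implements both halves of RFC 7636 with the S256 method: the client derives `code_challenge = BASE64URL(SHA256(code_verifier))` and sends only the challenge with the authorization request, then proves possession of the verifier at the token endpoint. The `AuthorizationServer` class is a constructed in-memory stand-in for a real server, and the function names are assumptions made for this illustration. It enforces the OAuth 2.1 rules the paragraph refers to: S256 is mandatory (`plain` is rejected), authorization codes are single use, and a code redeemed without the matching verifier is refused.

```python
import base64
import hashlib
import hmac
import secrets

# Unreserved characters permitted in a code_verifier (RFC 7636, section 4.1).
_VERIFIER_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)


def b64url_nopad(data: bytes) -> str:
    """Base64url-encode without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier(length: int = 64) -> str:
    """Create a high-entropy code_verifier of 43..128 unreserved characters."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43-128 characters long")
    return "".join(secrets.choice(_VERIFIER_ALPHABET) for _ in range(length))


def code_challenge_s256(code_verifier: str) -> str:
    """Derive code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return b64url_nopad(digest)


def is_valid_verifier(code_verifier: str) -> bool:
    """Syntactic check the token endpoint performs before hashing."""
    return 43 <= len(code_verifier) <= 128 and all(
        c in _VERIFIER_ALPHABET for c in code_verifier
    )


class AuthorizationServer:
    """Constructed, in-memory model of the server side of PKCE (hypothetical)."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str, method: str) -> str:
        """Authorization endpoint: bind the challenge to a freshly issued code."""
        # OAuth 2.1 permits only S256; "plain" and a missing challenge are errors.
        if method != "S256" or not code_challenge:
            raise ValueError("invalid_request: S256 code_challenge is required")
        code = secrets.token_urlsafe(32)
        self._pending[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        """Token endpoint: the code is consumed on first use, success or not."""
        expected = self._pending.pop(code, None)
        if expected is None or not is_valid_verifier(code_verifier):
            return False
        # Constant-time comparison of the recomputed challenge with the stored one.
        return hmac.compare_digest(code_challenge_s256(code_verifier), expected)


def demo() -> dict:
    """Run the flow once each for the legitimate client and the failure cases."""
    server = AuthorizationServer()
    results = {}

    # Legitimate client: it holds the verifier, so the exchange succeeds.
    verifier = generate_code_verifier()
    code = server.authorize(code_challenge_s256(verifier), "S256")
    results["legitimate"] = server.token(code, verifier)

    # Replaying an already-consumed code is refused.
    results["replay"] = server.token(code, verifier)

    # A code presented without the matching verifier (the interception case
    # the post describes) is refused, because the hash does not match.
    code2 = server.authorize(code_challenge_s256(verifier), "S256")
    results["wrong_verifier"] = server.token(code2, generate_code_verifier())

    # The downgrade to the "plain" method is rejected at authorization time.
    try:
        server.authorize(verifier, "plain")
        results["plain_rejected"] = False
    except ValueError:
        results["plain_rejected"] = True

    return results


if __name__ == "__main__":
    print(demo())
```

`code_challenge_s256` reproduces the RFC 7636 Appendix B test vector, so it can be checked against a real client library; the server model shows why a stolen authorization code alone is worthless to whoever intercepted it, which is the property that lets public clients (mobile apps, SPAs) use the Authorization Code flow without a client secret.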

logto